华为设备无线环境中的MAC认证
1.基本IP地址和網絡連通性配置
[LSW1]vlan batch 12 15
[LSW1-Vlanif12]ip address 10.1.12.1 24
[LSW1-Vlanif15]ip address 10.1.15.1 24
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 15
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 12
[LSW2]vlan batch 12 24
[LSW2-Vlanif12]ip address 10.1.12.2 24
[LSW2-Vlanif24]ip add 10.1.24.2 24
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 12
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 24
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 24
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 24
[LSW1]ospf 1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[LSW2]ospf 1
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.2
[LSW2-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
2.配置AC1
(1)基本IP地址和連通性配置
[AC1]vlan batch 24
[AC1-Vlanif24]ip add 10.1.24.254 24
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 24
[AC1]ospf 1
[AC1-ospf-1]area 0
[AC1-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
(2)配置DHCP功能,為接入用戶分配IP地址
[AC1]dhcp enable
[AC1]int Vlanif 24
[AC1-Vlanif24]dhcp select interface
3.配置AP上線
(1)配置域管理模板
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
(2)創建AP組,綁定域管理模板
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
(3)配置AC源接口
[AC1]capwap source interface Vlanif 24
4.配置AP認證
在AC上離線導入AP,采用默認MAC認證,并加入AP組
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fc71-6c10
[AC1-wlan-ap-0]ap-group ap-group1
[AC1-wlan-ap-0]ap-name ap0
5.配置wlan業務
(1)配置安全模板
[AC1-wlan-view]security-profile name mac_access
(2)配置ssid模板
[AC1-wlan-view]ssid-profile name mac_access
[AC1-wlan-ssid-prof-mac_access]ssid mac_access
(3)配置vap模板
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]forward-mode tunnel
[AC1-wlan-vap-prof-mac_access]service-vlan vlan-id 24
[AC1-wlan-vap-prof-mac_access]security-profile mac_access
[AC1-wlan-vap-prof-mac_access]ssid-profile mac_access
(4)配置AP組引用VAP模板,設置VAP ID為2,射頻0和1都使用該模板
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile mac_access wlan 2 radio all
(5)檢查配置
6.配置MAC準入控制
(1)配置radius服務器模板
[AC1]radius-server template radius
[AC1-radius-radius]radius-server authentication 10.1.15.5 1812
[AC1-radius-radius]radius-server accounting 10.1.15.5 1813
[AC1-radius-radius]radius-server shared-key cipher ABCabc@123
[AC1-radius-radius]radius-server user-name original
[AC1]radius-server authorization 10.1.15.5 shared-key cipher ABCabc@123
(2)配置AAA認證
[AC1]aaa
[AC1-aaa]authentication-scheme radius
[AC1-aaa-authen-radius]authentication-mode radius
[AC1-aaa]accounting-scheme radius
[AC1-aaa-accounting-radius]accounting-mode radius
(3)創建MAC接入模板
[AC1]mac-access-profile name mac_access_profile
(4)創建認證模板,應用各個模板
[AC1]authentication-profile name mac_authen_profile
[AC1-authentication-profile-mac_authen_profile]mac-access-profile mac_access_profile
[AC1-authentication-profile-mac_authen_profile]authentication-scheme radius
[AC1-authentication-profile-mac_authen_profile]accounting-scheme radius
[AC1-authentication-profile-mac_authen_profile]radius-server radius
(5)應用認證模板
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]authentication-profile mac_authen_profile
7.Agile Controller配置略
總結
以上是生活随笔為你收集整理的华为设备无线环境中的MAC认证的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 零相位滤波matlab,什么叫零相位滤波
- 下一篇: 线性代数之矩阵的秩(2)